← Back to home

Privacy Policy

Last updated: March 2026

Introduction

Waseela ("Company", "we", "us") is committed to protecting your privacy and personal data in accordance with Saudi Arabia's Personal Data Protection Law (PDPL) and its implementing regulations. This policy explains how we collect, use, and protect your data when you use the Waseela platform to manage WhatsApp conversations.

Data We Collect

  • Account data: Name, email address, password (hashed), and business name.
  • WhatsApp data: Customer phone numbers, conversation history, and media sent/received — stored solely for CRM purposes.
  • Billing data: Payment information is processed via Moyasar (a licensed Saudi payment gateway). We do not store card numbers.
  • Usage data: System logs, response times, and performance metrics — used to improve the service.
  • Cookies: We use cookies only for session management and language preferences.

How We Use Your Data

  • Operate the CRM platform and provide the unified inbox service.
  • Run AI-powered auto-replies, analytics, and reports within your account.
  • Send essential service notifications (invoices, security alerts).
  • Improve platform performance and fix bugs.
  • Comply with legal and regulatory obligations in Saudi Arabia.

We do not sell your personal data or your customers' data to any third party. We do not use your data for marketing unrelated to our services.

Third-Party Service Providers

We rely on trusted sub-processors to operate the platform:

  • Supabase: Cloud database and authentication services.
  • 360dialog: WhatsApp Business API gateway.
  • Moyasar: Licensed Saudi payment gateway.
  • Vercel: Application hosting and CDN.

All sub-processors are bound by data processing agreements compliant with applicable data protection standards.

Data Storage and Retention

Your data is stored in Supabase infrastructure located in the Middle East (Bahrain). We retain your account data for the duration of your subscription and for 90 days after account closure, after which it is permanently deleted. You may request immediate deletion at any time.

Your Rights under PDPL

Saudi Arabia's PDPL grants you the following rights:

  • Access: Obtain a full copy of your personal data.
  • Correction: Correct any inaccurate or incomplete data.
  • Deletion: Request deletion of your data (unless retention is legally required).
  • Export: Export your customer data in CSV format.
  • Objection: Object to the processing of your data for specific purposes.

To exercise any of these rights, contact us at: privacy@waseela.pro

Data Security

We apply strict security measures including: encryption in transit (TLS) and at rest (AES-256), role-based access controls, and regular security reviews. WhatsApp API keys and payment card tokens are encrypted with AES-256-GCM and never stored in plain text.

Changes to This Policy

We may update this policy periodically. We will notify you of material changes via your registered email or an in-platform notice. Continued use of the service after updates constitutes acceptance.

Contact Us

For any questions or complaints regarding this policy or our data processing:

  • Email: privacy@waseela.pro
  • Location: Kingdom of Saudi Arabia